Realtime not working in supabase-js 2.54+
Hello ! I've recently updated supabase-js from 2.49 to 2.57 and my realtime connection does not work anymore.
This is the code that handle my subscription. It works up to v2.53, and I can't find in documentation what might be wrong.
19 Replies
For some reason, it works if I put my subscription in a setTimeout(() => {...}, 1000) ... Could it be some kind of JWT token missing or something ?
I'm not seeing an issue with a simple javascript only test environment with latest supabase-js.
I think it's linked to auth and RLS. Still investigating. I've seen very similar issues to my cas:
- https://github.com/supabase/realtime-js/issues/513
- https://github.com/supabase/supabase-js/issues/1536
- https://github.com/supabase/realtime/issues/1524
- https://github.com/supabase/realtime/issues/1514
1514 certainly seems could be related based on your description.
I would add to an issue there.
Could be a timing difference on getting a session into realtime.
I did work with a user the past couple of days that used the setAuth command in Next.js to get things working even though that should not be needed. Could be related. He set the access_token there.
Thanks man ! Do I need a custom JWT ? Where can I find doc for setAuth ?
The other user just was putting in the access_token(jwt) from the session. This is not what it is intended for but they would seem to not get responses until they did it. I don't think it hurts, but it is a bug if needed so not documented for normal use. I don't need it with my test code, but it is not next.js and that has never needed it.
https://supabase.com/docs/guides/realtime/postgres-changes#custom-tokens
Just found the source !
I consider it a hack around some new issue if it works and you should add to that last issue if it solves your problem. Something is broken if needed.
src/RealtimeClient.ts
GitHub
realtime-js/src/RealtimeClient.ts at master · supabase/realtime-js
An isomorphic Javascript client for Supabase Realtime server. - supabase/realtime-js
I will test using this before I subscribe. Apparently I can just not give him a token and it will use the token it finds. U will review the code further to make sure ^^
It is supposed to use the token in supabase-js already. I'm just saying ONE next.js user very recently was saying that line made there code work. It should not be needed, but if he removed it, it would stop. Could have been other things wrong in their setup of the session.
It works with the await supabase.realtime.setAuth() called before you subscribe.
So there is some kind of delay issue between getting the JWT and subscription. I think only a setup with RLS will notice.
Please add your finding to that last issue you showed. Something is wrong with realtime-js most likely with that issue, the other user finding setAuth helping and your issue.
I've let a comment on:
- https://github.com/supabase/realtime-js/issues/513
- https://github.com/supabase/supabase-js/issues/1536
- https://github.com/supabase/realtime/issues/1514
So it's all 3 repos where people are having similar issues. Maybe it helps someone else. Thank you as well for your help @garyaustin
@garyaustin I sent a message to the support. And they told me to migrate to Broadcast, linking to this blog post: https://supabase.com/blog/realtime-broadcast-from-database
And funny enough in there you can find the same call to supabaseClient.realtime.setAuth() stated as "Needed for Realtime Authorization".
So at this point it looks intended and might just need a doc update for postgres_change involving RLS.
Realtime: Broadcast from Database
Use Realtime Broadcast to scale sending database changes to clients
Also made this feedbacks regarding broadcast:
- The documentation could be clearer regarding RLS (Row-Level Security) for realtime.messages. It's surprisingly easy to unintentionally expose data publicly via broadcast. This happens because you first configure RLS for a table, but then you need to manually replicate the same RLS logic within the RLS for realtime.messages.
- For users aiming to enable real-time functionality for multiple tables via broadcast, the current approach may not be ideal. Since realtime.messages requires numerous SELECT policies, this can result in a large, cumbersome policy that negatively impacts performance and is difficult to maintain.
- I checked again that the supabase.realtime.setAuth() method is not mentioned as a requirement in the documentation for postgre_change subscriptions involving RLS. However, based on the realtime.messages and broadcast documentation, it seems like this is intended behavior. It might be worth adding this detail to the postgre_change documentation for clarity.
- Lastly, it would be incredibly helpful if subscribing to the same channel name multiple times didn’t fail silently. Currently, when the same channel name is reused, the subscription callback isn’t triggered, and there’s no error message, subscription status, or real-time updates. While testing broadcast, I reused the same channel name and spent 20–30 minutes figuring out why nothing was working. I imagine this could be a common pitfall, especially for larger teams where multiple developers need to coordinate channel usage.
Thanks @GuySake @garyaustin , this thread fixed my issue. I set it up like this. I guess that would make more sense than setting the auth everytime before opening a channel
@Bouchy This is not supposed to be needed, but it is (at least for some) since 2.54. I believe just plain setAuth() would work also.